I use OpenSSL here for the certificate authority. SUN DS generates a server certificate request, which is then signed with OpenSSL (in my case).

In the SUN One DS administration console, open your LDAP server console, then choose "Manage Certificates". Choose a server if you have not already done so, then generate a server certificate request, using certificate information compatible with your C.A. information (locality, country, etc.).

Save it to a file and copy it into your OpenSSL demoCA directory under the name newreq.pem. Edit the file to remove the unexpected lines that the SUN One console often adds to it.

Then, launch:

# /usr/lib/ssl/misc/CA.sh -sign

This creates a file named newcert.pem. Import it into the SUN One console by choosing "Install..." in the "Manage Certificates" tool.
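The clean-up step before signing, as an added example that is not part of the original page: extract_csr keeps only the PEM request block from the file saved by the console, and check_csr verifies the request with OpenSSL before CA.sh -sign is run. The function names and the input file name saved-request.txt are assumptions, as is the form of the stray lines (anything outside the BEGIN/END markers is treated as unexpected).

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage (saved-request.txt is a hypothetical name for the console export):
#   extract_csr saved-request.txt newreq.pem && check_csr newreq.pem

# extract_csr INFILE OUTFILE
# Writes the PEM request block found in INFILE to OUTFILE.
# Accepts both "CERTIFICATE REQUEST" and "NEW CERTIFICATE REQUEST" markers.
# Fails (and writes nothing) unless there is exactly one complete block, so a
# truncated or doubled paste is caught before it reaches the C.A.
extract_csr() {
    awk '
        {
            sub(/\r$/, "")                      # drop Windows line endings
            gsub(/^[ \t]+|[ \t]+$/, "")         # trim stray indentation
        }
        /^-----BEGIN (NEW )?CERTIFICATE REQUEST-----$/ {
            if (inblock) bad = 1                # BEGIN inside an open block
            inblock = 1
            blocks++
        }
        inblock && $0 != "" { print }           # keep markers and base64 body
        /^-----END (NEW )?CERTIFICATE REQUEST-----$/ {
            if (!inblock) bad = 1               # END without a BEGIN
            inblock = 0
        }
        END { exit !(blocks == 1 && !inblock && !bad) }
    ' "$1" > "$2.tmp" || { rm -f "$2.tmp"; return 1; }
    mv "$2.tmp" "$2"
}

# check_csr FILE
# Verifies the self-signature on the request and prints its subject, so the
# locality, country, etc. can be compared with the C.A. information before
# the request is signed.
check_csr() {
    openssl req -in "$1" -noout -verify -subject
}
```
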